Feds not best guard of cyberspace

More than 90 percent of the nation’s critical information infrastructure is operated by the private sector. Protecting cyberspace, however, is not just about securing our nation’s critical information infrastructure, but promoting economic security.

The online and physical worlds have become so intertwined that vulnerabilities in the information infrastructure now pose real risks to physical establishments and individuals. One can easily envision a situation in which a hacker could electronically break into a critical infrastructure and cause the failure of a physical establishment — such as a hospital — which would result in serious injury or death.

Story Continued Below

In 2004, worldwide economic damage from digital attacks was between $46 billion and $56 billion, according to a Congressional Research Service estimate. In 2009, the White House released the “Cyberspace Policy Review,” that estimated 2008 losses from data theft to be as high as $1 trillion.

These numbers represent a good reason for the private sector to take cybersecurity seriously. The security of the American people is of paramount importance.

While the government has a crucial role to play, any policy to improve private-sector cybersecurity should not be overly burdensome and counterproductive to economic prosperity. Regulatory mandates are not only unlikely to lead to private-sector cybersecurity improvements, they would likely hinder economic growth.

The regulatory process is time-consuming and does not move at the speed of the online world. Online capabilities and capacities change rapidly — so rapidly, that any regulations for cybersecurity would probably be obsolete by the time they could be enacted, if not before.

In addition, imposing a regulatory scheme that increases costs for United States companies would put them at a competitive disadvantage to their foreign counterparts.

Similarly, any government effort to take control of the Internet through a “kill switch” should be strongly resisted. Such a drastic measure has the ability to fundamentally alter the way the Internet functions and the way online business is transacted.

Congress should be looking for ways to encourage the private sector to do more to protect its infrastructure from cyberattacks. One way would be to provide limited liability protection to companies that take steps to improve their cybersecurity capabilities.